Monthly Shaarli
January, 2018
Personal details from your Internet profile—from your professional history to how many friends you have—are being collected, analyzed, and sold.
New forms of sophisticated digital signage networks are being deployed widely by retailers and others in both public and private spaces. From simple people-counting sensors mounted on doorways to sophisticated facial recognition cameras mounted in flat video screens and end-cap displays, digital signage technologies are gathering increasing amounts of detailed information about consumers, their behaviors, and their characteristics.
Facebook should be treated like other companies that make addictive and potentially dangerous products. That is the view of Salesforce CEO Marc Benioff, one of the most influential executives in Silicon Valley, who believes it is time for the US government to take up the issue and impose regulation of social networks, as is already the case for the tobacco industry.
Google for the first time spent more than any other company in 2017 to influence Washington, highlighting both the sprawling reach of the country's thriving tech industry and the rising concern by regulators and lawmakers of its ascendance.
All told, the search giant broke its own record by allocating more than $18 million to lobby Congress, federal agencies and the White House on issues such as immigration, tax reform, and antitrust. It also spent money to weigh in on an effort by lawmakers and regulators to regulate online advertising, which is at the core of Google's business, according to disclosures filed to the Senate Office of Public Records.
Few consumers have ever heard of Acxiom. But analysts say it has amassed the world’s largest commercial database on consumers — and that it wants to know much, much more. Its servers process more than 50 trillion data “transactions” a year. Company executives have said its database contains information about 500 million active consumers worldwide, with about 1,500 data points per person. That includes a majority of adults in the United States.
On 23 August 2017 Numerama published the article "Enquête : comment les apps Figaro, L’Équipe ou Closer participent au pistage de 10 millions de Français" (Investigation: how the Figaro, L’Équipe and Closer apps take part in tracking 10 million French people). That is the date when everything began. The article confirmed what I suspected at the time. Mobile tracking collects an insane amount of data, data that is then shared/bought/sold to other companies. For example, AppsFlyer, which publishes the tracker of the same name, is a partner of the Chinese company MobVista. More generally, the companies that publish trackers, such as Teemo or Ad4Screen, have partnerships with larger companies.
We blame Walmart for decimating small businesses, but ultimately, small town shoppers chose convenience and lower prices over the more local and diverse offerings from their neighbors. And for the past several years, readers have been doing the same thing in favoring Facebook. What Kamer is arguing is that readers who value good journalism, good writing, and diverse viewpoints need to push back against the likes of the increasingly powerful and monolithic Facebook…and visiting individual websites is one way to do that.
Everyone wants to be popular online. Some even pay for it. Inside social media’s black market.
Today’s disclosure reveals the extent to which Russia’s propaganda was allowed to spread over the platform. The Internet Research Agency is believed to have paid Facebook $100,000 to promote the ads, simply by going through Facebook’s normal ad-placement tools, which are open to anyone.
Automated license plate readers (ALPRs) are high-speed, computer-controlled camera systems that are typically mounted on street poles, streetlights, highway overpasses, mobile trailers, or attached to police squad cars. ALPRs automatically capture all license plate numbers that come into view,...
Its author, who presents himself as a Lyft employee, explains that a tool accessible to everyone allows viewing customers' personal data, such as their phone number, their ride history and the reviews left by drivers. Employees reportedly used it to check their spouse's schedule, keep tabs on an ex-girlfriend or track a passenger who had shared the same ride.
Visual microphone reconstructs nearby sound from silent videos of ordinary objects
Princeton’s WebTAP privacy project recently found that Google’s trackers are installed on 75% of the top million internet websites.
“I think the current version of the app is a good start, but I hope to streamline it even more in the coming days and weeks,” the Redditor behind FakeApp tells Motherboard. “Eventually, I want to improve it to the point where prospective users can simply select a video on their computer, download a neural network correlated to a certain face from a publicly available library, and swap the video with a different face with the press of one button.”
Billionaire warns of ‘far-reaching adverse consequences’ for democracy and says social media companies’ ‘days are numbered’
In the age of big data and artificial intelligence, personal data has become the black gold of the 21st century. Those who exploit it, starting with the GAFA (Google, Apple, Facebook, Amazon), draw considerable revenue from it ($4.7 billion, or €3.6 billion, in the last quarter for Facebook, $6.7 billion for Alphabet, Google's parent company). Those who supply it, that is, each of us, get nothing from it. Starting from this observation, the liberal think tank Génération libre proposes in a report published Thursday 25 January to reverse the balance of power by allowing citizens to sell their personal data.
“Having become ever more powerful monopolies, Facebook and Google are obstacles to innovation, and they have caused a series of problems of which we are only just becoming aware,” the investor further argues.
“They claim that they merely distribute information, but the fact that they are near-monopoly distributors makes them public utilities and subjects them to stricter regulation aimed at preserving competition, innovation and open, fair and universal access,” he says in his speech.
The remarks come amid criticism that Silicon Valley should be held responsible for the influence Russia was able to exert by using its respective platforms during the 2016 US presidential election.
Facebook has acknowledged that around 126 million Americans were exposed to Russian-promoted content on Facebook during the election. Russian agents also spent tens of thousands of dollars on ads on YouTube, Gmail and Google.
Soros further accused the technology companies of being tempted to “compromise themselves” to enter the Chinese market, where they have long been banned.
“There could be an alliance between authoritarian states and these large, data-rich IT monopolies that would combine nascent private surveillance systems with an already developed system of state surveillance,” Soros warned. “This could well result in a network of totalitarian control that neither Aldous Huxley nor George Orwell could have imagined.”
The Catalan municipality wants to replace its Windows office and email applications with open-source alternatives and plans to swap Windows for Ubuntu. Open source sits at the heart of the city's digital plan, which promises that developments will be reused.
From the Chirac to the Sarkozy presidencies, and from the Alliot-Marie to the Morin defence ministries, the Ministry of Defence first leaned towards free software before throwing itself into the arms of the vendor, show documents revealed by Next INpact and flagged by April.
Twitter stated on Friday 19 January that Russian interference before the 2016 presidential election was more widespread than initially estimated, and promised to let users of the service know whether they had been exposed to propaganda linked to a Kremlin troll farm.
A researcher recently sounded the alarm: Chrome hosts extensions with particularly dangerous behaviour that resist attempts to uninstall them. A problem that reminds us that extensions require almost the same scrutiny as regular applications.
While several officially labelled French Tech ecosystems are well known, there is one that exists in practice but is rarely talked about despite a favourable legislative context: that of companies betting on respect for privacy and for the user. More and more French companies are opting for this approach, guaranteed free of “privacy washing”.
Despite what some sometimes try to make us believe, there is an alternative to the all-advertising model and, above all, to the generalised tracking of users justified by free services. And although French Tech is more often heard of for its connected objects or its sometimes wacky initiatives, French know-how stands out in this area.
Today, Facebook AI Research (FAIR) open sourced Detectron — our state-of-the-art platform for object detection research. The Detectron project was started in July 2016 with the goal of creating a fast and flexible object detection system built on Caffe2, which was then in early alpha development. Over the last year and a half, the codebase…
system-bus-radio - Transmits AM radio on computers without radio transmitting hardware.
Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor running a global espionage campaign against military personnel, enterprises, medical professionals, lawyers, journalists, educational institutions, and activists.
San Francisco – The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake...
I recently wrote a post about Facebook being a needy sonofabitch. They desperately try to get you there, and once they have you they do all they can to keep you there. It's like a restaurant that bombards your doorstep with flyers until you finally pay it a visit. Once you go there, they lock the do
But content quality will remain the priority
This spyware collects your data
Whilst WhatsApp might not provide full content of messages, the kind of metadata it provides is often enough to draw an informative map of a target's life, said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union (ACLU). She noted that WhatsApp already shares contact information with Facebook where users haven't opted out, which they may provide to government. And the WhatsApp privacy policy notes that it does store some location and contacts information where users have opted to provide them.
"The best practise is to purge information," Guliani added. "When it comes to metadata, how often is WhatsApp purging this kind of information?" As a comparison, the Signal messaging app doesn't store any such metadata and therefore doesn't need to purge it. And whilst it openly admits contact numbers are shared with Signal servers, they're garbled by an encryption algorithm into what's known as a "hash" (though former developer Frederic Jacobs told me it's "trivial" to brute-force those hashes, so in the unlikely event that a fake Signal server is set up to target a user, their contacts could be exposed).
We are particularly concerned by WhatsApp's new privacy policy announced in August 2016, which authorises data sharing with its parent company Facebook. This grants Facebook the right to access several items of WhatsApp users' information, including WhatsApp phone numbers and usage data.
The social network announced in August that it would begin sharing data from its 1 billion-plus user base, including phone numbers, from WhatsApp users with Facebook for the purpose of targeted ads. It gave users the option of opting out of the data being used for advertising purposes, but did not allow them to opt out of the data sharing between WhatsApp and Facebook.
The phone number associated with a user’s WhatsApp account will be used on Facebook to show them ads. This will form part of the targeting the company allows for paying advertisers, who can upload contact databases. Those who use Facebook and are in the contact database uploaded by the advertiser will then be shown the targeted ads.
The information will also be used to show how people interact with a specific ad, but Facebook said that it would not tell advertisers who specifically interacted with the ad.
Metadata is the important part here. Metadata can show who you send a message to and when. You might remember the term from the Snowden leaks, because the NSA was collecting metadata on phone calls. While WhatsApp doesn't keep your messages beyond the course of trying to deliver them (if the recipient is offline, a message stays on WhatsApp's servers until it goes through), it does collect a lot of other information about you. Based on their Privacy Policy, this includes usage and log information, device information, contact information, cookies, status updates (like when you were last online), and your location if you choose to share it. They can also put that metadata together using other people's information. For example, if you're not sharing your contact list, but a friend of yours is and you're in it, then they can put those two pieces of information together. It's also worth remembering that Facebook owns WhatsApp, which means it shares data for ad targeting. You can opt out of this, but it's a noteworthy feature because the relationship between the two is going to make some people uncomfortable. None of this is bad by any stretch of the word, but it's still worth noting.
In the privacy domain, there have been concerns related to user metadata as well. WhatsApp encrypts the communication channel between users using end-to-end encryption. The user's metadata is encrypted as well while data is in motion on the communication channel between the various parties. It is essential to understand that the information held in metadata is just as important to preserving users' privacy as the data itself. The company's legal terms allow it to store information associated with successfully delivered messages, such as time of delivery, the mobile phone numbers involved, and the size of any digital content exchanged between the two parties (Bernstein 2006). The app also presses the user to share their entire contact list with it. This is a way to gather further information about who is in a user's social network. It amounts to trading the convenience of having the app find out which of one's contacts use it for giving up the entire list of people one contacts regularly, including those who don't use the app. There is still no option to selectively add contacts to the WhatsApp list. Adding this feature in the future will not help existing users, as they have already shared this information with the app.
Smartphone metadata reflects a wealth of detail, both at the level of individual calls and when analysed in aggregate. Computer scientists and researchers have proved this a number of times in the past. It is here that WhatsApp falters. While the metadata is encrypted in transit, phone numbers, timestamps, connection duration, connection frequency and user location are stored on the company's servers. This metadata is sufficient to build a profile and draw some strong inferences about the communicating parties. And as we have seen very often, both governments and hackers can get their hands on the metadata if they really go after it.
What advantage would Facebook, the parent company, gain beyond the metadata-related information coming via WhatsApp? WhatsApp had vowed that it would not sell advertisements. However, nothing stops its parent company from doing so using information gathered through WhatsApp. Combined with one's activity on Facebook, it can potentially give a more accurate picture of user behaviour and social interactions, thereby serving as a strong basis for profiling for targeted ads. This is not truly a major concern as long as the user sees ads that make sense to them. Any change in the content delivery algorithm can lead to a very different user experience, in which some users may simply stop using the app.
For group chat, the initiator of the communication sends the message to the WhatsApp server, which in turn distributes it to all the group members. This is a very easy way for Facebook to learn all about one's social interactions and communities. A lot can be deduced by performing some kind of traffic analysis using metadata alone, such as the volume of messages exchanged.
In August 2016, WhatsApp changed its privacy terms, stating that it plans to transfer user data to its parent company, Facebook. It had earlier promised that this data would not be disclosed or used for marketing purposes. But now it will share user account information with Facebook and the Facebook family of companies, such as the phone number the user used as a primary identifier. The companies intend to use WhatsApp account information to show users "more relevant ads on Facebook" and to send users marketing messages via WhatsApp. A phone number is like a digital social security number (EPIC - WhatsApp). It can uniquely identify a person, as this information is provided every time a form is filled in for various purposes. It can also connect various sources of data, such as health records, financial data, education, online presence, etc., and build a full profile of a person.
Learn about tracking technologies, market structure and data-sharing on the web. Detailed profiling of top trackers and the tracker landscape on popular domains.
The year 2018 will be marked by major events already scheduled, notably the royal wedding in the United Kingdom, the football World Cup
How do you delete your Google search history and erase your browsing traces? We explain everything in our complete tutorial.
my_Mozilla_settings - Mozilla Firefox Thunderbird preferences settings tweaks
Firefox bullshit removal via about:config
Where Am I Right Now, asking 'Where Am I?' or 'My Current Location?'. This website detects your location and displays it on a Google map (latitude, longitude and location name).
At Signal, we’ve been thinking about the difficulty of private contact discovery for a long time. We’ve been working on strategies to improve our current design, and today we’ve published a new private contact discovery service. Using this service, Signal clients will be able to efficiently and scalably determine whether the contacts in their address book are Signal users without revealing the contacts in their address book to the Signal service.
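Why hashing phone numbers before uploading them is not private contact discovery (the point made about Signal's earlier design above, and the problem the new service is built to solve), as an added example that is neither Signal's code nor the new service's protocol: a contact list is "protected" with SHA-256, and a server (or anyone who captured the upload) simply enumerates a numbering block. The block prefix, the 5-digit search space and the optional salt are this example's assumptions; a national numbering plan has on the order of 10^8 to 10^10 numbers, and a single GPU computes billions of SHA-256 hashes per second, so the whole space is within reach.

```python
import hashlib
from typing import Dict, List, Optional


def _number(prefix: str, n: int, digits: int) -> str:
    return f"{prefix}{n:0{digits}d}"


def hash_number(number: str, salt: bytes = b"") -> str:
    """What a naive contact-discovery client would upload instead of the raw
    number. A salt only helps if the server does not know it, and the server
    must know it to match hashes, so it buys nothing against the server."""
    return hashlib.sha256(salt + number.encode()).hexdigest()


def crack(target: str, prefix: str, digits: int, salt: bytes = b"") -> Optional[str]:
    """Enumerate every number in a numbering block until the hash matches."""
    for n in range(10 ** digits):
        candidate = _number(prefix, n, digits)
        if hash_number(candidate, salt) == target:
            return candidate
    return None


def crack_many(uploaded: List[str], prefix: str, digits: int,
               salt: bytes = b"") -> Dict[str, Optional[str]]:
    """Precompute the block once (a rainbow-table-free lookup table), then
    resolve a whole uploaded address book in one pass."""
    table = {hash_number(_number(prefix, n, digits), salt): _number(prefix, n, digits)
             for n in range(10 ** digits)}
    return {h: table.get(h) for h in uploaded}


if __name__ == "__main__":
    # Constructed address book of three numbers, one outside the searched block.
    book = ["+33612345678", "+33612300000", "+33699999999"]
    uploaded = [hash_number(x) for x in book]
    for h, recovered in crack_many(uploaded, "+336123", 5).items():
        print(h[:16], "->", recovered)
```

The table approach is what a server would do: hash the entire numbering plan once and resolve every future upload by dictionary lookup, which is why a per-deployment salt does not change the cost.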
In collaboration with Signal, Microsoft is introducing a Private Conversations feature in Skype, powered by Signal Protocol.
Signal is a new security protocol and accompanying app that provides end-to-end encryption for instant messaging. The core protocol has recently been adopted by WhatsApp, Facebook Messenger, and Google Allo among many others; the first two of these have at least 1 billion active users. Signal includes several uncommon security properties (such as “future secrecy” or “post-compromise security”), enabled by a novel technique called ratcheting in which session keys are updated with every message sent. Despite its importance and novelty, there has been little to no academic analysis of the Signal protocol.
We conduct the first security analysis of Signal’s Key Agreement and Double Ratchet as a multi-stage key exchange protocol. We extract from the implementation a formal description of the abstract protocol, and define a security model which can capture the “ratcheting” key update structure. We then prove the security of Signal’s core in our model, demonstrating several standard security properties. We have found no major flaws in the design, and hope that our presentation and results can serve as a starting point for other analyses of this widely adopted protocol.
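The symmetric-key half of that ratchet, written here as an added example to illustrate the paper's point rather than code taken from the paper or from Signal: a KDF chain derives one message key per message and replaces its own chain key at each step, so deleting used keys gives forward secrecy, and a receiving side has to cache keys for messages that arrive out of order. The HMAC-SHA256 construction, the 0x01/0x02 inputs and the MAX_SKIP bound are this example's assumptions. Without the Diffie-Hellman ratchet that Signal layers on top, a captured chain key still yields every later key, which is exactly the post-compromise gap the DH ratchet closes.

```python
import hmac
import hashlib
from typing import Dict, Tuple

MK_INPUT = b"\x01"  # HMAC input that yields a message key (assumed constant)
CK_INPUT = b"\x02"  # HMAC input that yields the next chain key (assumed constant)


def kdf_chain_step(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One KDF-chain step: returns (next_chain_key, message_key).
    HMAC cannot be run backwards, so an old chain key is gone once replaced."""
    message_key = hmac.new(chain_key, MK_INPUT, hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, CK_INPUT, hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    def __init__(self, chain_key: bytes) -> None:
        self.chain_key = chain_key
        self.n = 0  # index of the next message to send

    def next_key(self) -> Tuple[int, bytes]:
        self.chain_key, message_key = kdf_chain_step(self.chain_key)
        n, self.n = self.n, self.n + 1
        return n, message_key


class ReceivingChain:
    MAX_SKIP = 1000  # bound the keys kept for out-of-order delivery

    def __init__(self, chain_key: bytes) -> None:
        self.chain_key = chain_key
        self.n = 0
        self.skipped: Dict[int, bytes] = {}

    def key_for(self, n: int) -> bytes:
        """Message key for index n; caches keys of messages that have not
        arrived yet and refuses to hand out a key that was already used."""
        if n in self.skipped:
            return self.skipped.pop(n)
        if n < self.n:
            raise KeyError(f"message {n} already consumed; its key was erased")
        if n - self.n > self.MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < n:
            self.chain_key, skipped_key = kdf_chain_step(self.chain_key)
            self.skipped[self.n] = skipped_key
            self.n += 1
        self.chain_key, message_key = kdf_chain_step(self.chain_key)
        self.n += 1
        return message_key


def keys_derivable_from(chain_key: bytes, first_index: int, count: int) -> Dict[int, bytes]:
    """What someone holding a captured chain key can compute: every later
    message key, but none of the earlier ones."""
    keys: Dict[int, bytes] = {}
    for i in range(first_index, first_index + count):
        chain_key, keys[i] = kdf_chain_step(chain_key)
    return keys


if __name__ == "__main__":
    root = bytes(32)  # constructed shared root; real sessions derive it from X3DH
    alice, bob = SendingChain(root), ReceivingChain(root)
    sent = [alice.next_key() for _ in range(3)]
    print("out-of-order ok:", bob.key_for(2) == sent[2][1])
    captured = alice.chain_key
    print("attacker gets message 3:", keys_derivable_from(captured, 3, 1)[3] == alice.next_key()[1])
```

The `keys_derivable_from` helper is the compromise scenario: it runs forward from a stolen chain key and matches every subsequent key, while the earlier keys are unreachable because each step is a one-way function of the previous state.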
Bob Sinnott of Toasted Coffee + Kitchen in Lower Greenville claims that after months of non-stop phone calls from Yelp, his favorable rating dropped once he finally told the company he would not pay for advertising.
Inox patchset tries to provide a minimal Chromium based browser with focus on privacy by disabling data transmission to Google.
Paperwork is a personal document management program (paper and PDF) designed by a lazy person for lazy people. It is a graphical interface built with one idea in mind: “scan & forget”. Reading, sorting and indexing papers is a job for machines, not for humans.
John Gruber, author of the Daring Fireball blog and inventor of the Markdown publishing format, warns there could be more of this to come. “There is so much Chrome-only stuff right now,” says Gruber. “If you think Google isn’t building a proprietary Chrome platform, your head is in the sand.”
iFixit regularly assigns repairability scores to each newly released product. In that respect, 2017 was characterised by new products with many components such as RAM, NAND SSD storage and/or the USB port soldered to the motherboard, and by a somewhat too generous use of glue. Microsoft and Apple are particularly singled out, with products that are almost impossible to repair outside official after-sales service. Here is the blacklist of the least repairable smartphones, tablets and computers of 2017!
Intel in the eye of the storm
A Q&A with iFixit CEO Kyle Wiens about the demise of the repair industry and a plan to revive it.
Amazon wants to boost its search and video advertising opportunities, as well as help companies advertise across the web.
The Paradise Papers leak has revealed that Apple has moved its international tax residency to a tiny island called Jersey.
Download apk for Android with APKPure APK downloader. NoAds, Faster apk downloads and apk file update speed. Best of all, it's free
Some smartphone games are listening to what your mic picks up — but not to hear what you say. Instead, they’re trying to hear what you’re watching.
This is something smartphone apps have been doing...
The city's chief information officer holds in her hands the second free-software digital label obtained in two years. “We were pioneers in digital matters in the département. We obtained a score of three out of five for this label.”
You add ferrite beads to your meter's cables and that's it, no more leaks. ;)
That is indeed what works best, both for cleaning the input and for preventing data leaks. In my opinion it should be mandatory behind every meter, like 30 mA residual-current devices.
This report focuses on government use of commercial data brokers, the implications for that usage, and what needs to be done to address privacy problems. The government must bring itself fully to heel in the area of privacy. If it is going to outsource its data needs to commercial data brokers, it needs to attach the privacy standards it would have been held to if it had collected the data itself. Outsourcing is not an excuse for evading privacy obligations.
Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques for protecting the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated they can often 'reidentify' or 'deanonymize' individuals hidden in anonymized data with astonishing ease. By understanding this research, we will realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed. This mistake pervades nearly every information privacy law, regulation, and debate, yet regulators and legal scholars have paid it scant attention. We must respond to the surprising failure of anonymization, and this Article provides the tools to do so.
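A linkage attack of the kind the Article describes, as an added example (not code from the Article): a release stripped of names but keeping ZIP code, birth date and sex is joined against a constructed public auxiliary table on those same quasi-identifiers. All records here are made up, and the three-field quasi-identifier and the generalisation rule are this example's assumptions. It also computes k-anonymity, the size of the smallest group of records sharing the same quasi-identifier values, to show why a release with k=1 re-identifies and why coarsening helps only as far as k grows.

```python
from collections import defaultdict
from typing import Dict, List, Sequence, Tuple

QUASI = ("zip", "dob", "sex")  # quasi-identifiers left in the "anonymized" release

# Constructed "anonymized" health records: names stripped, quasi-identifiers kept.
ANON: List[Dict[str, str]] = [
    {"zip": "02138", "dob": "1965-07-21", "sex": "F", "diagnosis": "hypertension"},
    {"zip": "02141", "dob": "1965-11-11", "sex": "F", "diagnosis": "asthma"},
    {"zip": "02139", "dob": "1980-01-02", "sex": "M", "diagnosis": "diabetes"},
    {"zip": "02139", "dob": "1980-05-05", "sex": "M", "diagnosis": "migraine"},
]

# Constructed public auxiliary data (think of a voter roll): names plus the same fields.
VOTERS: List[Dict[str, str]] = [
    {"name": "Alice Example", "zip": "02138", "dob": "1965-07-21", "sex": "F"},
    {"name": "Bob Example", "zip": "02139", "dob": "1980-01-02", "sex": "M"},
    {"name": "Bill Example", "zip": "02139", "dob": "1980-01-02", "sex": "M"},
    {"name": "Ed Example", "zip": "02139", "dob": "1980-05-05", "sex": "M"},
    {"name": "Fay Example", "zip": "02140", "dob": "1990-03-03", "sex": "F"},
]


def key(record: Dict[str, str], quasi: Sequence[str] = QUASI) -> Tuple[str, ...]:
    return tuple(record[q] for q in quasi)


def equivalence_classes(records: List[Dict[str, str]],
                        quasi: Sequence[str] = QUASI) -> Dict[Tuple[str, ...], List[int]]:
    """Group record indices by their quasi-identifier values."""
    classes: Dict[Tuple[str, ...], List[int]] = defaultdict(list)
    for i, r in enumerate(records):
        classes[key(r, quasi)].append(i)
    return classes


def k_anonymity(records: List[Dict[str, str]], quasi: Sequence[str] = QUASI) -> int:
    """Smallest equivalence class; k=1 means some record is unique on the quasi-identifiers."""
    return min(len(ids) for ids in equivalence_classes(records, quasi).values())


def link(anon: List[Dict[str, str]], aux: List[Dict[str, str]],
         quasi: Sequence[str] = QUASI) -> Dict[int, List[str]]:
    """Linkage attack: join the release with the auxiliary data on the quasi-identifiers.
    One candidate name means the 'anonymous' record is re-identified outright."""
    by_key: Dict[Tuple[str, ...], List[str]] = defaultdict(list)
    for a in aux:
        by_key[key(a, quasi)].append(a["name"])
    return {i: sorted(by_key.get(key(r, quasi), [])) for i, r in enumerate(anon)}


def generalize(record: Dict[str, str]) -> Dict[str, str]:
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and birth year only (assumed rule)."""
    out = dict(record)
    out["zip"] = record["zip"][:3]
    out["dob"] = record["dob"][:4]
    return out


if __name__ == "__main__":
    print("k on the raw release:", k_anonymity(ANON))
    for i, names in link(ANON, VOTERS).items():
        print(i, ANON[i]["diagnosis"], "->", names or "no match")
    coarse = [generalize(r) for r in ANON]
    print("k after generalisation:", k_anonymity(coarse))
```

Generalisation raises k from 1 to 2 here, but the auxiliary table is generalised the same way by the attacker, who still learns that Alice is one of exactly two records and that her diagnosis is one of two values; that residual leak is what k-anonymity alone does not bound.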
In an article published on Medium, several of the company's engineers explain how they personalise the artwork for series, films or documentaries according to each user's preferences. On the menu: algorithms and machine learning.
Netflix is proud of its recommendation algorithms. The American online video platform regularly communicates about how it goes about making us consume the maximum amount of content
As Amazon.com Inc. builds out its advertising services and sales team, it increasingly impinges on the turf of two other tech titans, Facebook Inc. and Alphabet Inc.’s Google.
In the first case, what draws attention is the influence of the customer's email domain on the price of their insurance. Someone who provides a Hotmail address (mr.x@hotmail.com) pays up to £30 more for their policy than someone with a Gmail account (mr.y@gmail.com). Admiral's executives do not hesitate to confirm this difference, which also concerns providers other than Hotmail, stating that their research establishes a higher risk for these people.
The second example is potentially more controversial, since it appears that the same policy can be offered with a price gap of almost £1,000 depending on whether the applicant is called John Smith or Mohammed Ali (the pseudonyms used by the journalists). Here too, although no official reaction is mentioned, it is likely that a statistical analysis leads to this difference, also found, though in more moderate proportions, at other insurers.
[...]
Taking the reflection further, the question of the very nature of the insurance product inevitably arises: what becomes of its original principle of pooling risks if, as ever more sophisticated algorithms are applied to an ever larger mass of information, the price paid by each customer is adjusted to their individual risk? Is this prospect acceptable? Or must measures be taken to avoid reaching that point? In the latter case, the Admiral case signals an urgency…
Instead of reading stories that get to you because they're popular, or just happen to be in your feed at that moment, you'll read stories that get to you because you chose to go to them. Sounds simple, and insignificant, and almost too easy, right?
It's only easy, and simple to do. As for why you should do it: It's definitely not simple, nor insignificant. By choosing to be a reader of websites whose voices and ideas you're fundamentally interested in and care about, you're taking control.
And by doing that, you'll chip away at the incentive publishers have to create headlines and stories weaponized for the purpose of sharing on social media. You'll be stripping away at the motivation for websites everywhere (including this one) to make dumb hollow mindgarbage. At the same time, you'll increase the incentive for these websites to be (if nothing else) more consistent and less desperate for your attention.
Interviews with Bill Gates, Steve Jobs, and other tech elites consistently reveal that Silicon Valley parents are strict about technology use.
And their dominance is growing
The billionaire predicts an awakening
A guide to self-hosting your email on FreeBSD using Postfix, Dovecot, Rspamd, and LDAP.
A cheatsheet for moving efficiently in the CLI!
The ACLU of California has obtained records showing that Twitter, Facebook, and Instagram provided user data access to Geofeedia, a developer of a social media monitoring product that we have seen marketed to law enforcement as a tool to monitor activists and protesters.
Block unwanted sites from your Google, DuckDuckGo, Startpage.com, Bing and Yahoo search results.
CAR insurer Admiral last night admitted hiking premiums for drivers applying via Hotmail. The Sun asked about policies using identical details but different mail accounts. Enquiries via Hotmail saw…
From the speech transcript [ https://news.ycombinator.com/item?id=16237684 ]:
“Social media companies deceive their users by manipulating their attention and directing it towards their own commercial purposes. They deliberately engineer addiction to the services they provide. This can be very harmful, particularly for adolescents. There is a similarity between internet platforms and gambling companies.”
To infiltrate their targets' phones, the hackers created at least eleven trojanised clones of chat applications such as Telegram, WhatsApp or Signal, inserting into them surveillance software nicknamed Pallas. These applications look exactly like the originals and perform the same function, but send contacts, messages and other data to a server controlled by the hackers.
These applications were not offered in the official stores but on other sites dressed up to look legitimate. To infect their targets, the spies mainly resorted to so-called “phishing” techniques to lure victims to these fake app stores or to get them to open, for example, booby-trapped Word documents. Besides these remotely executed techniques, the researchers note that the spies behind Dark Caracal sometimes had physical access to some of their targets' devices.
The data stolen from phones includes audio recordings of phone conversations, SMS messages, call logs, the contents of messaging apps, contacts and photographs. From computers, the attackers stole Skype conversation histories, entire photo folders, lists of all files present on the machine, and could even take screenshots at regular intervals.
According to an Israeli researcher, the dating app Tinder suffers from several design flaws that allow an attacker to intercept data tied to a user account, making it possible to see all of a user's photos as well as their swipes.
Researchers at Checkmarx decided to measure how securely Tinder handles all those images it sends you. Answer: not so much.
A set of Adblock filters to block obtrusive EU cookie law notices. This is a fork of the original Prebake files, because the updates there were many months behind and the list was becoming bloated with outdated records, so I decided to make my own fork. It is kept as up to date and clean as possible. Please go ahead and use it.
The goal of my version is to have a list that is updated frequently and kept clean by checking the existing records from time to time and sorting the up-to-date ones as well as possible. I will add LC: yearmonthday dates to the records that have been checked, to give an idea of when that particular record was last checked. I will personally test additions committed by other people before I actually add them.
Thanks to the publication of several documents, Next INpact reveals the existence of a report dated 3 February 2005, signed by Contrôleur général des armées Jean Tenneroni, on "software at the Ministry of Defence: regularity and acquisition, acquisition policy and migration to free software". Michèle Alliot-Marie, Minister of Defence at the time, is said to have approved the report's conclusions, namely a migration to free software.
[...]
Another document published by Next INpact, a note from the Conseil général des Technologies de l'Information (CGTI) dated February 2006, mentions in particular the movement in the ministries at the time in favour of the free office suite OpenOffice. The army, for example, is said to have decided to migrate 90,000 workstations to OpenOffice.
The article recalls that the first directive of the Direction générale des systèmes d'information et de communication (DGSIC), created in May 2006 and responsible for the overall information and communication systems policy of this ministry, committed the Ministry of Defence to a "proactive policy towards free software".
The article goes on to recall the position taken by the Prime Minister of the time, Jean-Pierre Raffarin, in favour of free software as a way to save money in the management of the State. A position that earned him a letter signed by Christophe Aulnette, then CEO of Microsoft France.
Internet users like websites that load quickly, Google reminds us. In future, sites that are too slow will no longer be able to claim the same ranking in its search engine results.
Aiming for a 10 year life-cycle for smartphones
The reign of social networks and games
Switches commercial model for contribution to open source
Windows Directory Statistics cleanup tool
More than 1 million people downloaded a copycat WhatsApp app from the Google Play Store, according to a report from The Hacker News. The app, which is officially called Update WhatsApp Messenger, w…
qdirstat - QDirStat - Qt-based directory statistics (KDirStat without any KDE - from the original KDirStat author)
The agency tells a federal judge that it is investigating and 'sincerely regrets its failure.'
The choice left to the user
The Bottom Line
WhatsApp's adoption of a strong encrypted protocol is a significant improvement in secure messaging, but problems remain. Although the data is well protected on the wire, there is still significant metadata leakage and there are significant privacy issues related to using the app.
0 trackers, 67 permissions found.
If you use both WhatsApp and Facebook, this change allows Facebook access to several pieces of your WhatsApp information, including your WhatsApp phone number, contact list, and usage data (e.g. when you last used WhatsApp, what device you used it on, and what OS you ran it on). With confusing wording, the update correctly points out that your phone number and messages will not be shared onto Facebook. This means that your data will not be shared publicly on your Facebook page or anywhere else on Facebook’s platform. Instead, it will be shared with Facebook—that is, Facebook systems and the “Facebook family of companies.” While WhatsApp’s privacy-friendly end-to-end encryption remains, and the company assures users it will not share their data directly with advertisers, this nevertheless presents a clear threat to users’ control of how their WhatsApp data is shared and used.
[...]
Most critically for user privacy, however, sharing this kind of metadata also gives Facebook an enhanced view of users’ online communication activities, affiliations, and habits, and runs the risk of making private WhatsApp contacts into more public Facebook connections. The new privacy policy, for example, permits Facebook to suggest WhatsApp contacts as Facebook friends. Facebook can also use the data to show “more relevant” ads. In an announcement accompanying the privacy policy update, WhatsApp offers the example of “an ad from a company you already work with, rather than one from someone you’ve never heard of”—a frightening prospect considering the data coordination and sharing required for Facebook to know the companies with whom you do business.
Metadata equals surveillance data, and collecting metadata on people means putting them under surveillance.
An easy thought experiment demonstrates this. Imagine that you hired a private detective to eavesdrop on a subject. That detective would plant a bug in that subject's home, office, and car. He would eavesdrop on his computer. He would listen in on that subject's conversations, both face to face and remotely, and you would get a report on what was said in those conversations.
[...]
Now imagine that you asked that same private detective to put a subject under constant surveillance. You would get a different report, one that included things like where he went, what he did, who he spoke to -- and for how long -- who he wrote to, what he read, and what he purchased. This is all metadata, data we know the NSA is collecting. So when the president says that it's only metadata, what you should really hear is that we're all under constant and ubiquitous surveillance.
WhatsApp messenger is arguably the most popular mobile app available on all smartphones. Over one billion people worldwide use it for free messaging, calling, and media sharing. In April 2016, WhatsApp switched to a default end-to-end encrypted service. This means that all messages (SMS), phone calls, videos, audios, and any other form of information exchanged cannot be read by any unauthorized entity, not even WhatsApp. In this paper we analyze the WhatsApp messaging platform and critique its security architecture, with a focus on its privacy preservation mechanisms. We report that the Signal Protocol, which forms the basis of WhatsApp end-to-end encryption, does offer forward secrecy and protection against MITM to a large extent. Finally, we argue that simply encrypting the end-to-end channel cannot preserve privacy. The metadata can reveal just enough information to show connections between people, their patterns, and personal information. This paper elaborates on the security architecture of WhatsApp and performs an analysis of the various protocols used. This enlightens us on the status quo of the app's security and what further measures can be used to fill existing gaps without compromising usability. We start by describing (i) the important concepts that need to be understood to properly understand the security, (ii) the security architecture, (iii) the security evaluation, (iv) followed by a summary of our work. Some of the important concepts that we cover in this paper before evaluating the architecture are end-to-end encryption (E2EE), the Signal Protocol, and Curve25519. The description of the security architecture covers key management, end-to-end encryption in WhatsApp, the authentication mechanism, message exchange, and finally the security evaluation. We then cover the importance of metadata and the role it plays in preserving privacy with respect to WhatsApp.
I posted this not because I was angry about having a GET request sent to my server on a char-by-char basis. My main concerns were privacy related; since I posted this, some additional things came to light:
1) This leaks the IP address of the person writing the msg
2) When property="og:image" is used it also leaks the User Agent and Android version [1]
3) When presented with invalid headers as a reply it can cause a crash on iOS, which means this is a potential RCE vector [2]
4) It leaks the exact time a URL is typed into a chat
5) It's on by default; this is the default behavior in E2E encrypted conversations [3]
I don't use WhatsApp; I found this out by accident, as I just have a habit of tailing my logs. I know though that Signal doesn't do any of this pre-fetching. I am aware this is a 'feature' but there's no place for it when security is involved.
[1] https://twitter.com/0xjomo/status/874585822158352384
[2] https://twitter.com/dr4ys3n/status/874725257722179584
[3] https://mastodon.social/@rysiek/9146943
Even with end-to-end encryption Big Brother is still in your phone: metadata
Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could in fact read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.
[...]
The vulnerability is not inherent to the Signal protocol. Open Whisper Systems’ messaging app, Signal, the app used and recommended by whistleblower Edward Snowden, does not suffer from the same vulnerability. If a recipient changes the security key while offline, for instance, a sent message will fail to be delivered and the sender will be notified of the change in security keys without automatically resending the message.
[...]
Boelter reported the vulnerability to Facebook in April 2016, but was told that Facebook was aware of the issue, that it was “expected behaviour” and wasn’t being actively worked on. The Guardian has verified the loophole still exists.
Once again, Android is the victim of spyware, and the one discovered by Kaspersky's engineers is chilling. Active since 2014 and designed for targeted cyber-surveillance, this implant, named Skygofree, "includes unprecedented features, such as location-triggered audio recording on infected devices", the security vendor points out. Its propagation vector is classic: it hides in web pages imitating those of major mobile operators.
A few days ago, PokemonGO players saw the game's maps change. It is simply a switch from Google Maps to OpenStreetMap by Niantic, the publisher of Pokemon GO.
Given the large number of players, this migration can be seen as a vote of confidence in OpenStreetMap as a mapping solution, and good publicity.
Moreover, one can expect a number of trainers to get involved in OpenStreetMap to correct and improve the maps, making the game even more attractive.
Most Android smartphones send data to Google's servers. Follow this guide to finally stop being tracked!
Matthew Green and I had a bet for the last year, which just ended, over libotr's security; I bet him that nobody would find a sev:hi flaw in it all year, and, of course, won, because at this point all the low-hanging fruit in libotr has been shaken out.
That bet was a reaction to the release of the EFF scorecard, which at the time gave Cryptocat(†) a perfect score but dinged ChatSecure, which is a libotr client, for not having an audit done.
I told Matthew Green I'd write up something about the bet, and what did get reported to me about libotr; I'll probably spend a few thousand words critiquing the scorecard there. A brief outline, though:
- There are places where the scorecard is factually misleading. For instance: there seems to be no coherence to what "source code available for inspection" means; it still lists Telegram as being open source!
- It's oversimplified in misleading ways as well. Systems which technically have the capability of verifying peers are given big green checkmarks even when that feature is so broken as to be useless. And, of course, there's the "been audited recently" checkmark, which, as anyone familiar with software security auditing will tell you, means absolutely fuck-all (again: ponder the fact that libotr, which has been a high-profile target for something like a decade and is more or less frozen stable, was counted as "not audited", while projects that got a 1-week drive-by from a firm specializing in web security got a big green checkmark).
- What does "security design properly documented" even mean? Where's the methodology behind the chart? A few paragraphs of text aimed at laypeople isn't a documented methodology! The one place they eventually did add documentation --- "what's a good security audit" --- tries to explain a bunch of stuff that has almost nothing to do with the quality of software security inspection, and then throws up its hands and says "we didn't try to judge whether projects got good audits". Why? Why didn't they consult any named outside experts? They could have gotten the help if they needed it; instead, they developed this program in secret and launched it all at once.
- The project gives equal time to systems that nobody uses (at one point, Cryptocat was near the top of the list, and ChatSecure was actually hidden behind a link!), and is ranked alphabetically, so that TextSecure, perhaps the only trustworthy cryptosystem on this list (with the possible exception of the OTR clients) is buried at the bottom.
- If the point of this chart is to educate laypeople on which cryptosystem to use, how is anyone supposed to actually evaluate it? They don't really say. Is it ok to use Jitsi's ZRTP, despite missing the "recent audit" checkbox? What about Mailvelope, which is missing the forward-secrecy checkbox? Can anyone seriously believe it's a better idea to use Telegram or Cryptocat, both flawed ad-hoc designs, than TextSecure or ChatSecure?
I guess I can't be brief about this after all. Grrr. This scorecard drives me nuts.
I am not saying that these flaws in any way impacted your particular research project.
This course has no prerequisites: it is aimed at everyone who wants to better understand what is at stake in protecting privacy on the Internet and to gain better control of digital tools where personal data is concerned.
People say things like this about Signal but tend not to acknowledge why Signal is like that. Look at how Signal handles something as basic as user profiles, then compare it to how other applications address the same problems. I'll recommend Wire alongside WhatsApp any day, but keep in mind that Wire's servers apparently have a record of every conversation that has occurred between any two Wire users (not the content, mind you, just the link).
This is why I disagree with Matthew Green, do not think we've totally figured out secure messaging yet and that they're all "so good", and think that if you're serious about privacy --- enough to have strong opinions about WhatsApp vs. Signal, for instance --- that you should use multiple messengers:
- a "tier 1" secure messaging app like Signal that makes all reasonable tradeoffs in favor of security and privacy regardless of the UX cost, used when possible and for sensitive conversations.
- a "tier 2" secure messaging app like WhatsApp or Wire as your "daily messenger".
- "tier 3" messenger applications (including email) that you use mostly to rendezvous to a real messenger application.
In this scheme you can start to understand Signal as not just a decent messenger application with best-in-class security and privacy, but also as a laboratory for future privacy enhancements to messaging.
Mayan EDMS is a wonderful product with a lot of features. However, its sheer number of features and capabilities can be a bit intimidating for the average user. This is where Open Paperless comes in. Open Paperless is a re-think of the user interface and user experience for Mayan EDMS. The goal is to reduce the complexity and make it more suitable for home users. Think of Open Paperless as a lightweight version of Mayan EDMS.
There is so much Chrome-only stuff right now. If you think Google isn’t building a proprietary Chrome platform, your head is in the sand.
Unlock your device with Jeff's tutorial and then join the community here. Active discussions of Debian Linux on the A10, Dockstar, GoFlex, Pogoplug, and other devices.
One of the surprises of this comparison comes from Firefox, which has regained the stripes of its glory days. Even if it is not always the fastest, it now plays in the league of powerful, ultra-modern browsers. It is hard today to claim that one is truly better than the other, but Firefox nonetheless gets our preference for its user data protection policy.
Alphonso is eavesdropping
Printer cartridges that aren't really empty
Online tracking gets more accurate and harder to evade.
The start-up Alphonso collects viewing data for advertisers through mobile gaming apps that can track users on the devices’ microphones, even when the apps aren’t in use.
In my experience, one of the highest-impact upgrades you can perform is to buy the fastest possible microSD card—especially for applications where you need to do a lot of random reads and writes.
There is an order-of-magnitude difference between most cheap cards and the slightly-more-expensive ones (even if both are rated as being in the same class)—especially in small-block random I/O performance. As an example, if you use a normal, cheap microSD card for your database server, normal database operations can literally be 100x slower than if you used a standard microSD card.
If you use Samsung's in-house browser on your smartphone, check that you are up to date. Versions 5.4.02.3 and earlier are affected by a critical flaw that lets an attacker steal a great deal of personal information stored on the device, including passwords and usernames.
Since February 2014 the region, then Rhône-Alpes, had been investing in free software and committing to use it more. Today it is the Rhône department that has received the "Territoire numérique libre" label at level 3. The label has five levels. Its aim: to encourage the use of free software, promote it, encourage the release of public data and facilitate exchanges through the use of open formats.
This report discusses the issue of cloud computing and outlines its implications for the privacy of personal information as well as its implications for the confidentiality of business and governmental information. The report finds that for some information and for some business users, sharing may be illegal, may be limited in some ways, or may affect the status or protections of the information shared. The report discusses how even when no laws or obligations block the ability of a user to disclose information to a cloud provider, disclosure may still not be free of consequences. The report finds that information stored by a business or an individual with a third party may have fewer or weaker privacy or other protections than information in the possession of the creator of the information. The report, in its analysis and discussion of relevant laws, finds that both government agencies and private litigants may be able to obtain information from a third party more easily than from the creator of the information. A cloud provider’s terms of service, privacy policy, and location may significantly affect a user’s privacy and confidentiality interests.
Using algorithms makes it possible both to know its customers better and to make its platform addictive, or even to influence users' tastes. Strangely, as Mashable had already noted, the platform almost always manages to lead its subscribers gradually towards a Marvel series, i.e. a Netflix original, the two companies having struck a historic deal at the end of 2013. Even if you hate comics, you may end up discovering the story of one of these superheroes.
Mobile messaging app Snapchat, which promised its users ephemeral, disappearing picture and video messages, has settled FTC charges that pics and videos sent through its app weren’t as ephemeral as the company promised. According to the FTC, Snapchat transmitted users’ location data, and collected users’ address books without notice or consent. Also, the snaps weren’t protected from disappearing as fully as the company had promised. The FTC complaint also discussed a Snapchat security breach that allowed an attacker to compile a database of 4.6 million Snapchat usernames and phone numbers.
If you are a Facebook user, unless you have actively opted out of the Nielsen tracking, Nielsen can track your clicks and views for its online measurement research. Nielsen/Facebook have already been tracking online advertising that people see, beginning in 2009/2010. Going forward, the Facebook/Nielsen tracking will also measure your TV viewing on mobiles and tablets. The Nielsen/Facebook tracking occurs while you are logged in to Facebook.
An information broker collects information about individuals from public records and private sources including census and change of address records, motor vehicle and driving records, user-contributed material to social networking sites such as Facebook, Twitter and LinkedIn, media and court reports, voter registration lists, consumer purchase histories, most-wanted lists and terrorist watch lists, bank card transaction records, health care authorities, and web browsing histories.
The data are aggregated to create individual profiles, often made up of thousands of individual pieces of information such as a person's age, race, gender, height, weight, marital status, religious affiliation, political affiliation, occupation, household income, net worth, home ownership status, investment habits, product preferences and health-related interests. Brokers then sell the profiles to other organizations that use them mainly to target advertising and marketing towards specific groups, to verify a person's identity including for purposes of fraud detection, and to sell to individuals and organizations so they can research people for various reasons. Data brokers also often sell the profiles to government agencies, such as the FBI, thus allowing law enforcement agencies to circumvent laws that protect privacy.
Even some devices with patches available are connected to the naked Internet.
‘Being Patriotic,’ a Facebook group uncovered by The Daily Beast, is the first evidence of suspected Russian provocateurs explicitly mobilizing Trump supporters in real life.
A month and a half! That is the average time each user spent using apps during the year. Nearly 3 hours a day worldwide, a little over 100 minutes in France.
Users have 80 apps installed on their phones, and they use 40 of them each month.
The University of Toronto's Dr. Jordan B. Peterson turned to famous friends Tuesday after his YouTube account was locked "with no explanation."
The sad truth is that Facebook and Google have behaved irresponsibly in the pursuit of massive profits. And this has come at a cost to our health.
Terms of Service; Didn't Read (ToS;DR) is an active project to fix the biggest lie on the web. We help you understand the Terms and Conditions and Privacy Policies of websites.
We're excited to launch a new browser extension and mobile app, extending DuckDuckGo's protection beyond the search box to wherever the Internet takes you.
Admiral car insurance has been accused of putting up premiums for people with Hotmail addresses, claiming that they are more likely to crash. It would be relatively easy for Hotmail users to get their premiums back down again by changing to a more respectable Gmail address, but unfortunately none of them will be able to, because they don’t know how to use the internet.
To infiltrate their targets' phones, the hackers created at least eleven trojanized clones of chat applications such as Telegram, WhatsApp and Signal, inserting into them a surveillance program nicknamed Pallas. These applications look exactly like the originals and perform the same function, but send contacts, messages and other data to a server controlled by the hackers.
Similar to Uber's "God View" scandal, Lyft staffers have been abusing customer insight software to view the personal contact info and ride history of the..
Developers of platforms such as Facebook have admitted that they were designed to be addictive. Should we be following the executives’ example and going cold turkey – and is it even possible for mere mortals?
The last of the three blog posts published is by Cass R. Sunstein, a professor at Harvard Law School. While finding much to like in social networks, he considers that places like Facebook can harm democracy by creating an environment that fosters division and polarization.
"At best, it's a problem. At worst, it's dangerous," he judges.
The message: social networks can be genuinely good for democracy - if they work properly.
Chakrabarti acknowledges that over a two-year period spanning the 2016 elections, Russian entities created 80,000 posts that reached about 126 million people in the United States, "essentially using social networks as an information weapon".
OnePlus confirms it was the victim of a hack on its website. A malicious script was installed to harvest bank card data as it was entered (and therefore in the clear). 40,000 customers are potentially affected.
Requiring device makers to set a search engine that respects personal data as the default. That is what some MPs are attempting in an amendment to the bill adapting French law to the European General Data Protection Regulation (GDPR), while the subject is already before Arcep.
Following the release of Firefox 58, you can use the Kimetrak extension on Mozilla's browser. Initial improvements have been put in place, and others should follow soon.
The children's toy maker Vtech was the victim of a major hack in 2015. This week Vtech was fined 650,000 dollars for neglecting the security of its toys, but researchers continue to believe that Vtech takes security lightly.
About 80% of consumers are prepared to turn their backs on a brand if it uses their data without permission. According to a study by SAP, Internet users pay attention to the data they share online.
Privacy experts believe tens of millions of Americans are already being monitored by automakers.
altWinDirStat - An unofficial modification of WinDirStat
Not a whole lot of new lessons to be learned from this, but basic reinforcement of old ones:
- It's easy to get users, even high-profile at-risk users, to install arbitrary applications. Since there's little to be gained from litigating this basic fact, we have to work around it. We recommend at-risk users stick to relatively recent iPhones, not because Android phones can't be made to be asymptotically as secure, but simply because it's more difficult (technically and logistically) to set up a deployment process that gets an application installed on an iPhone that can do as much as these backdoored Android apps can.
- The biggest threat facing users on general-purpose computers (Windows or Mac) is email attachments. The most profitable desktop infection vector here seems to have been Word macros. There's no point in litigating whether people should or shouldn't use Word documents; they're going to do that. So we have to work around that. Our recommendation is that users be trained not to view attachments on general-purpose computers by clicking on them. Two options: view attachments on iOS devices, where the viewers are less privileged and less full-featured, or always open them using Google's office tools.
To me, the big lesson of the past few years working with non-technical users targeted by attackers is: general purpose computers simply aren't secure, and can't (for normal users) be made secure. Get people out of computer apps and onto phone or web apps.
WhatsApp’s recent privacy policy update announced plans to share data with WhatsApp’s parent company Facebook, signalling a concerning shift in WhatsApp’s attitude toward user privacy. In particular, the open-ended, vague language in the updated privacy policy raises questions about exactly what WhatsApp user information is or is not shared with Facebook. WhatsApp has publicly announced plans to share users’ phone numbers and usage data with Facebook for the purpose of serving users more relevant friend recommendations and ads. While existing WhatsApp users are given 30 days to opt out of this change in their Facebook user experience, they cannot opt out of the data sharing itself. This gives Facebook an alarmingly enhanced view of users’ online communications activities, affiliations, and habits.
When Facebook bought the start-up WhatsApp in 2014, Jan Koum, one of WhatsApp’s founders, declared that the deal would not affect the digital privacy of his mobile messaging service’s millions of users.
[...]
WhatsApp said on Thursday that it would start disclosing the phone numbers and analytics data of its users to Facebook. It will be the first time the messaging service has connected users’ accounts to the social network to share data, as Facebook tries to coordinate information across its collection of businesses.
WhatsApp is changing its policy as it begins building a moneymaking business after long placing little emphasis on revenue. The company plans to allow businesses to contact customers directly through its platform. A similar strategy is already being tested on Facebook Messenger, a separate messaging service Facebook owns.
[...]
Among the changes, Facebook will be able to use a person’s phone number to improve other Facebook-operated services, such as making new Facebook friend suggestions, or better-tailored advertising, WhatsApp added. It said the data-sharing would also be used to fight spam text messages across it
What they are trying to say is that disclosure of metadata—the details about phone calls, without the actual voice—isn't a big deal, not something for Americans to get upset about if the government knows. Let's take a closer look at what they are saying:
- They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don't know what you talked about.
- They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
- They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don't know what was discussed.
- They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after. But the content of those calls remains safe from government intrusion.
- They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood's number later that day. But nobody knows what you spoke about.
Sorry, your phone records—oops, "so-called metadata"—can reveal a lot more about the content of your calls than the government is implying. Metadata provides enough context to know some of the most intimate details of your lives. And the government has given no assurances that this data will never be correlated with other easily obtained data. They may start out with just a phone number, but a reverse telephone directory is not hard to find. Given the public positions the government has taken on location information, it would be no surprise if they include location information demands in Section 215 orders for metadata.
In theory you could delete all contacts from your address book, except the ones that you would like to chat with on Whatsapp, then later re-add the ones you deleted, but doing it manually would be too much effort.
My dirty fix for this is to synchronize the contacts with a CardDAV server (ownCloud/Nextcloud, Radicale, Baïkal, ...) and to use an app that lets you synchronize multiple address books at the tap of a button.
The trick is to add a second address book to your server, to which you only add the names and phone numbers of people who use Whatsapp, remove your regular address book from your phone, synchronize the “Whatsapp address book”, grant Whatsapp the contacts permission, add your contacts, remove the contacts permission for Whatsapp, and synchronize your regular address book again.
The company collects its members' mobile phone numbers, which serve as identifiers, and the numbers present in their address books, and above all "WhatsApp may retain date and time stamp information associated with successfully delivered messages and the phone numbers involved in the messages, as well as any other information which WhatsApp is legally compelled to collect". This last obligation is to be understood under US law, since WhatsApp specifies that it is subject to no legal regime other than California's.
[...]
So WhatsApp is perfectly able to know, and to tell the authorities, to whom a user sent a message on a given day, how long the conversation with some other user lasted, which new contacts have appeared among an individual's regular correspondents, and so on.
Yet this metadata, which can for instance identify a journalist's source, is sometimes considered even more valuable than the content itself. This is what the Court of Justice of the European Union (CJEU) recalled in its Digital Rights Ireland judgment, when it invalidated the directive that required operators to retain a great many items of metadata, for all their customers, and to give the authorities access to them for all types of investigations.
"The data to be retained make it possible to know with which person and by what means a subscriber or registered user has communicated, to determine the time of the communication as well as the place from which it took place, and to know the frequency of the subscriber's communications [...] with certain persons during a given period.
Those data, taken as a whole, are liable to provide very precise indications about the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, social relationships and the social environments frequented."
TF1, Le Figaro, Le Parisien, Le Monde... Since 2016, Facebook has been paying millions of euros to several major French media outlets to produce video content on its social network. A practice that raises the question of newsrooms' dependence and opens the way to a two-tier system penalising "small media".
Tracker profile of Google Analytics. Reach, domains it operates under, tracking technology, web presence by type of site and more.
CrookedStyleSheets - Webpage tracking only using CSS (and no JS)
Goodbye Outlook, goodbye Exchange Server, welcome Open-Xchange. Goodbye IE, goodbye Office, welcome Firefox and LibreOffice. With this initiative, Barcelona becomes the first municipality to join the European "Public Money, Public Code" campaign.
Some companies specialise in supporting and distributing free software for businesses. This sector now accounts for more..
ghacks-user.js - An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting
My new year’s resolution was to give up on reading Twitter and Facebook.
Ad-tech firm Criteo likely to cut its 2018 revenue by more than a fifth after Apple blocked ‘pervasive’ tracking on web browser Safari
Steven Pinker is a liberal, Jewish professor. But social media convinced people that he’s a darling of the alt-right.
The company does not intend to fix it, because this flaw is very hard to exploit in practice. WhatsApp remains the best there is in secure messaging.
"Saying that your right to privacy matters little because you have nothing to hide amounts to saying that your freedom of expression matters little because you have nothing to say. For even if you do not use your rights today, others need them. It amounts to saying: other people do not interest me": Edward Snowden, who testifies in Nothing to Hide alongside some twenty other participants, is still on the same line, the one that puts society's interest ahead of individual considerations. That is also what this documentary, directed by two journalists, the Frenchman Marc Meillassoux and the German Mihaela Gladovic, invites us to do.
[...]
"There is no single argument that works for everyone," the documentary's author, Marc Meillassoux, tells us. "Some react to financial scoring, fearing they will have to pay more for their loan or their health insurance depending on what their data reveals about their lifestyle. Others are sensitive to the notion of taboo and to what should remain in the private sphere, for instance if a member of their family is affected by mental illness. Others may fear that the tax authorities could get access to their personal data. Our documentary wants to put more emphasis on the second aspect, the societal one: a tyranny, whether it comes through external physical aggression or through permanent scrutiny of the population, remains a tyranny. Police surveillance is the foundation of a police state. We must ask ourselves what it means to live in a society where our judges, lawyers, researchers and journalists are potentially watched and under control."
The Commission nationale informatique et libertés has sanctioned Darty's inaction, after the company had already been served a formal notice for leaving users' personal data accessible on its website.
One hundred thousand euros. That is the penalty the Commission nationale informatique et libertés (CNIL) imposed on Darty on Tuesday 9 January, "for not having sufficiently secured customer data". In a statement, the privacy watchdog deplores a security flaw in the form that let customers contact Darty's after-sales service online, which made it possible "to freely access all the requests and data entered by customers".
Gluster lets you cluster several storage nodes (at least two), which answers two major problems as soon as an application needs to scale: parallelisation and replication of storage. To provide these features on a volume, a "brick" in Gluster terminology, the system relies on traditional file systems, XFS or EXT4, on top of a block device (partition, LVM, RAID, etc.). Gluster therefore works mainly at the file level.
Unlike a number of other file systems of this kind, Gluster has the immense advantage of not needing a metadata server to operate. As a result, there is no such point of weakness or additional component to maintain in the storage infrastructure. Moreover, each time a node is added to the cluster the system becomes faster, and the performance gain is linear with the growth of the infrastructure. A last point that highlights this simplicity of design: there is no notion of master or slave with GlusterFS.
Antoinette Rouvroy warns against big data which, by reducing us to an aggregate of data, can decide our lives. To free ourselves from it, she argues, we must start by demystifying it.
GulfTech Research and Development
Between revelation and assignment
Android phones gather your location data and send it to Google, even if you’ve turned off location services and don’t have a SIM card, Quartz reported today.
Did a loved one buy you an Amazon Echo over the holidays? Sorry about that. But now, in addition to well-founded fears about surveillance and security, you’ve got a new problem: ads.
Google used a tax trick involving the Netherlands to shield $19.2 billion from taxes.
Magisk Manager helps you root your smartphone. We have seen that Google, unfortunately, removed Magisk Manager from the Play Store. You can download Magisk Manager from the official website without any survey, and we provide direct download links so you can enjoy the new features.
I finally got my hands on a Raspberry Pi 3 and wanted to see how it compares to the Pi 2 (review + benchmarks incoming!), but one of the first things I wanted to test was overclocking the microSD clock for better disk I/O. On average, with all the cards I've tested so far, overclocking the microSD reader resulted in 25-50% better performance for real-world disk operations (benchmarks further down in this post). And with a reliable power supply, you shouldn't need to worry about reliability or corruption (in my limited stress testing, I only had one corruption, and that was when I was using my cheaper iClever power supply).
Facebook has just come under even more scrutiny today for its lack of oversight into algorithmic ad targeting following a new joint investigation from The New York Times and ProPublica, this time focused on potential age discrimination. Similar to how ProPublica illustrated last year and again just last month how housing ads on Facebook could exclude users by so-called “ethnic” and “multicultural” affinities, this new report shows how the social network also lets advertisers exclude certain age groups for job ads.